Andrew Tadros

FROM KEYLESS TO CARLESS

Andrew Tadros

CONGRATULATIONS! THE FAMILY IS GETTING BIGGER, YOU’VE SNARED THE RAISE, SEALED THE DEAL AND BOUGHT A NEW CAR. AS YOU SETTLE IN BEHIND THE WHEEL, YOU FLICK THOUGH THE OWNER’S MANUAL.

Among the new features you see, the most examined the protection of 10 car models across Among the new features you see, the most interesting one is the fact you don’t have to use a key. Instead, your new car uses what’s known as a ‘passive keyless entry and start’ (PKES) device. It’s handy; if you hold down the unlock button all the windows drop, and you don’t need to even take the fob out of a pocket to open and start the car. How awesome is that?

Cars equipped with PKES periodically send out a low-powered signal, a sort of digital key that waits for a response from the key fob, called polling. The signal is broadcast about every 20 to 50 milliseconds, and if the fob responds with the correct response within a time limit, the doors will unlock. Sounds secure, right?

Not really. Criminals have worked out that they can take the periodic polling messages and retransmit them to wherever the fob is, and then sniff the response from the fob back to the car. The car will be none the wiser, so long as the response is within the expected timeframe.

These criminals have created a device that essentially amplifies the short one- to two-metre range signal that the car sends out to the key, while the signal the key sends back can travel hundreds of metres. If the key hears this amplified signal, it will transmit the open command, and the car will unlock.

The scariest part about this is that, since the criminals know that the owner can’t be more than a couple hundred metres away from the vehicle, it can now be opened as if the bad guys had the owner’s key fob.

In 2011, a group of security researchers from the Switzerland-based ETH Zurich University examined the protection of 10 car models across eight manufacturers.

Surprisingly, they were not only able to gain entry into all 10 cars, but were also able to drive away with them, simply by intercepting and relaying signals from each car and their PKES.

Although it was also possible for the researchers to relay signals from the PKES back to the car, they often didn’t need to as the key’s signal can travel a few hundred metres.

It also worked no matter what protocol or cryptology the manufacturer used.

So what can you do to limit this risk? If you are really worried, you could always speak to the dealer about disabling keyless entry. Simply removing the batteries from the key fob also will render this form of attack useless.

Manufacturers develop software patches to fix these exploits as they become aware of them, and are starting to use proprietary ciphers – effectively their own set of electronic keys – in new models. However, as new technology develops, vulnerabilities continue to surface as cars age, and guides to the technology used to exploit vulnerabilities find their way online.

It’s just the start of a very large problem.

Cars can now be opened as if the bad guys had the owner’s key fob

Crack of Doom

AS CARS become more connected, a group of concerned software programmers has called on new vehicles to carry a similar “cyber-security” rating to the ones they wear for fuel use and crash safety.

Last year, a pair of hackers at DefCom, the world’s most recognised cyber-security conference, showed how they could hack into a car’s systems and play around with its settings – although no one has yet done this remotely.

Vulnerable points of entry that researchers point to are Bluetooth phone connections, in-car wireless internet hubs, and features that integrate smartphones into the car’s dashboard.